In an app I need to edit a user's user name, email, phone, and password (for the optional password, I found this solution ).
But this change is made via API. Since it involves data change I need to know how to make this change safely. If it were only on the web I would use current_user which would guarantee that only the logged in user would change their own data. But in this case I do not know how it works.